الوصف:

أصدرت Red Hat عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:

• zsh
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Process Automation Manager 7.7.0
  • Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
• icu
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
• python-imaging
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Decision Manager 7.7.0
  • Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• تجاوز سعة مخزن الذاكرة المؤقت
• رفع الصلاحيات لزيادة قدرته على التعديل في النظام
• هجمة حجب الخدمة (DoS attack)

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتRed Hat توضيحًا لهذه التحديثات:

• https://access.redhat.com/errata/RHSA-2020:0892
• https://access.redhat.com/errata/RHSA-2020:0895
• https://access.redhat.com/errata/RHSA-2020:0896
• https://access.redhat.com/errata/RHSA-2020:0897
• https://access.redhat.com/errata/RHSA-2020:0898
• https://access.redhat.com/errata/RHSA-2020:0899